Experimenting with Electronic Commerce on the PalmPilot
Neil Daswani (daswani@cs.stanford.edu)
Dan Boneh (dabo@cs.stanford.edu)
Public Key Solutions '99, April 12-14

Overview
- Security Applications on a PDA (advantages / disadvantages?)
- How about a payment system? (wide-deployment of PDAs?)
- Is this feasible with existing PDA technology?

Outline
- Trade-offs
- E-Commerce on the PalmPilot
- PDA-PayWord
- Performance
- Conclusions

Trade-offs
- Vs. SmartCards
  - no tamper resistance
  - no cryptographic accelerators
  - direct line of communication with user
  - more processing power
  - more memory

Trade-offs
- Vs. Desktops
  - less memory
  - less processing power
  - portable

E-Commerce on the PalmPilot
- Security Features (Lack of?)
- Cryptographic Primitives
- Authentication
- Memory Mgmt. & Backups
- Prototypical Application

Security Features (Lack of?)
- Databases -- No Access Control
  - non-volatile
  - creatorID
  - "secret" attribute (just a suggestion)
- Password Entry

Cryptographic Primitives
- DES, SHA-1, RSA figures obtained with SSLeay
- ECC-DSA figures obtained with Certicom Security Builder Toolkit

E-Commerce on the PalmPilot
- Authentication
  - Pro: direct line of communication with owner
  - Con: entering passwords
- Memory Management & Backups
  - Encrypted Storage (Instrument Manager)
  - PalmPilot Databases (deletion, double spending)

E-Commerce on the PalmPilot
- Small payments ($5 -> $50)
- Target Application: Pony Vending Machine

E-Commerce on the PalmPilot
- Where to start?
  - PayWord (Rivest, Shamir)
- Why PayWord?
  - amortize cost of signatures
  - coins = hash tokens

PDA-PayWord
- PalmPilot implementation of PayWord
- Minimize cryptographic operations
- Minimize storage requirements

PDA-PayWord Characteristics
- Vendor-Specific
- Pre-Pay (Debit-Based)
- Vendor = Bank
- Hash Chain Based

PDA-PayWord: Withdrawal
[Diagram]
- User's Wallet holds the hash chain Y_k, ..., Y_1, Y_0
- User's Wallet -> Bank: {Y_k, k, d, vid}S_ECCDSA(User)
- Bank: Pre-Paid? Yes
- Bank -> User's Wallet: HCC = {Y_k, k, d, exp, vid}S_RSA(Bank)

PDA-PayWord: Purchase
[Diagram]
- User's Wallet holds the hash chain Y_k, ..., Y_{k-i+1}, Y_{k-i}, ..., Y_1, Y_0
- User's Wallet -> Vendor: Y_{k-i}, i, HCC

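The withdrawal and purchase steps on the two slides above, as an added Python example (not code from the original slides or the authors' PalmPilot implementation); it goes slightly beyond the purchase slide by having the vendor remember the last accepted token, so replays are rejected and only the new hashes are computed. It assumes SHA-1 as the chain hash and leaves out the ECC-DSA and RSA signatures, modelling the HCC as an unsigned dict; `make_chain`, `pay` and `Vendor` are hypothetical names.

```python
import hashlib
import os

def h(x):
    """Chain hash; SHA-1 is an assumption (the slides list it as a primitive)."""
    return hashlib.sha1(x).digest()

def make_chain(k, seed=None):
    """Wallet: return [Y_0, ..., Y_k] with Y_(j+1) = h(Y_j); Y_0 stays secret."""
    chain = [seed if seed is not None else os.urandom(20)]
    for _ in range(k):
        chain.append(h(chain[-1]))
    return chain

def pay(chain, i):
    """Wallet: a purchase totalling i coins releases (Y_(k-i), i)."""
    k = len(chain) - 1
    return chain[k - i], i

class Vendor:
    """Checks tokens against the root Y_k committed in the HCC."""
    def __init__(self, hcc):
        self.k = hcc["k"]
        self.last_token = hcc["Yk"]  # most recent accepted value, starts at Y_k
        self.last_i = 0              # coins accepted so far

    def accept(self, token, i):
        """Return the number of newly spent coins, or 0 if rejected."""
        if not (self.last_i < i <= self.k):
            return 0                 # replayed, stale or out-of-range index
        y = token
        for _ in range(i - self.last_i):  # hash forward to the last accepted value
            y = h(y)
        if y != self.last_token:
            return 0                 # token is not on the committed chain
        new = i - self.last_i
        self.last_token, self.last_i = token, i
        return new

if __name__ == "__main__":
    chain = make_chain(10, seed=b"constructed-seed")             # constructed sample
    hcc = {"Yk": chain[10], "k": 10, "d": 5, "vid": "vendor-1"}  # unsigned stand-in
    vendor = Vendor(hcc)
    print(vendor.accept(*pay(chain, 3)))   # first purchase
    print(vendor.accept(*pay(chain, 3)))   # replay of the same token
```
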
PDA-PayWord: Withdrawal Timings
Note: d = 5

PDA-PayWord: Purchase Timings
(First time $1.50 buy)

PDA-PayWord Variations
- Multiple hash chains / Multiple denominations
- Storing "sentinel" values
- Multiple Vendors (Introduce Online Broker)

Conclusions / Summary
- PDA = portable commerce device w/o tamper resistance
- Suitable for small payments
- Commerce protocols can be adapted
- Example: PDA-PayWord
  - leverages best of ECC and RSA

Acknowledgements
- Certicom
- Andrew Toy